Nginx

Nginx 301 域重定向不起作用

  • March 12, 2018

我正在嘗試將我的舊域 ( ) 重定向(或者我猜是轉發)example.com到我的新域 ( example2.com) ,因為我已經更新了我的伺服器配置以適應新域。但是,我的 Nginx 配置中的 301 重定向子句似乎沒有正常工作,因為我仍然能夠訪問example.com,它重定向到https://www.example.com在將此伺服器指向新域之前設置的配置。當https://www.example.com被訪問時,它呈現Your connection is not private這很有意義,因為我將 SSL 配置更改為指向example2.com. 我的 301 配置有問題嗎?如果沒有,是不是我仍然有一個A record (example.com)指向CNAME record (www.example.com)我的 IP 地址,允許通過舊域訪問該站點存在?

*注意:*我按預期訪問example2.com哪個重定向沒有問題https://www.example2.com

這是我的 Nginx 配置:

server {
   listen 80;
   listen [::]:80;
   server_name example2.com www.example2.com example.com www.example.com;
   return 301 https://www.example2.com$request_uri;
}

server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   include snippets/ssl-www.example2.com.conf;
   include snippets/ssl-params.conf;
   server_name example2.com;
   return 301 https://www.$server_name$request_uri;
}

server {
   listen 443 ssl http2 default_server;
   listen [::]:443 ssl http2 default_server;
   include snippets/ssl-www.example2.com.conf;
   include snippets/ssl-params.conf;

   server_name www.example2.com;

   client_max_body_size 100M;

   location ~ ^/\.well-known {
       root /var/www/ghost;
       allow all;
   }

   location / {
       proxy_pass http://127.0.0.1:2368;
       proxy_buffering off;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Referer "";
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_http_version 1.1;
   }
}

首先,除非您想專門使用它,否則您不必設置 IPv6。像這樣使用你的配置:

server {
   listen 80;
   server_name example2.com www.example2.com example.com www.example.com;
   return 301 https://www.example2.com$request_uri;
}

server {
   listen 443 ssl http2;
   server_name example2.com;
   return 301 https://www.example2.com$request_uri;
}

server {
   listen 443 ssl http2;
   server_name www.example2.com;

   ssl_dhparam /etc/nginx/ssl/dhparam.pem;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
   add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

   ssl_certificate         /etc/nginx/ssl/example2.com.crt;
   ssl_certificate_key     /etc/nginx/ssl/example2.com.key;

   client_max_body_size 100M;

   location ~ ^/\.well-known {
       root /var/www/ghost;
       allow all;
   }

   location / {
       proxy_pass http://127.0.0.1:2368;
       proxy_buffering off;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Referer "";
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       proxy_http_version 1.1;
   }
}

另外,不要忘記創建 /etc/nginx/ssl 文件夾和 dhparam.pem 文件。

sudo mkdir /etc/nginx/ssl && sudo openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 4096

引用自:https://serverfault.com/questions/901187